top of page

​Willwali Privacy Policy
Effective Date: 1 July 2025 ( Previous update 23 March 2025 )
 

Compliant with India’s Digital Personal Data Protection Act 2023 & Malaysia PDPA 2010 - incl. 2025 amendments


Willwali ("we", "our", "us") is committed to protecting your personal data. This notice explains how we collect, use, disclose, and safeguard information under:

  • India - Digital Personal Data Protection Act 2023 (DPDP Act)

  • Malaysia - Personal Data Protection Act 2010 (PDPA)
     

1. What Personal Data We Collect

  • Personal identification: Name, NRIC/passport, Aadhaar/PAN (if provided), nationality, gender, date of birth, phone, email, address.

  • Sensitive personal data: Religion, marital status, asset ownership, heirs / next‑of‑kin, health or special‑needs information.

  • Technical: IP address, device type, browser, login metadata.

  • Usage: Interactions with our platform and emails.

  • Consent records: Timestamped logs of every consent action.
     

2. How We Collect Data

  • Direct inputs on our platform

  • Emails, chat or calls with our team

  • Cookies, analytics, and similar tracking tech

  • Verified third‑party services (e.g. eKYC, payment gateways)
     

3. Legal Basis for Processing

  • Consent - obtained explicitly, especially for any sensitive data.

  • Legitimate Use - as defined in DPDP §â€¯7 and Malaysia’s General Principle (e.g. legal obligations, contract fulfilment).


4. Purpose & Data Minimization

We process only what is necessary to:

  • Provide, personalize and improve our will‑writing & estate‑planning services.

  • Store and deliver your documents securely.

  • Fulfil legal / religious distribution requirements (e.g. Faraid).

  • Enable eKYC, payment, and last‑mile delivery.

  • Detect fraud and comply with law.

  • Send marketing updates only if you opt‑in.
     

5. Children’s Data

Our services target users 18 years and above in Malaysia and India & 21 years and above in Singapore. We do not knowingly collect data from minors. If you are under 18, parental or guardian consent is required; unless the minor’s data is entered by that parent or guardian as part of their own will or estate plan, we will delete any under‑age data discovered without such consent.
 

6. Consent Management

  • Consents are captured via dedicated check‑boxes during onboarding / form submission.

  • Consent is revocable at any time by emailing [legal @willwali.com].

  • Revocations by Indian users are honored under DPDP §â€¯6 and logged in our records.
     

7. Cross‑Border Data Transfers

  • Processing may occur in Malaysia, India, Singapore or other jurisdictions.

  • Transfers comply with DPDP §â€¯16 (we do not transfer data to any country India designates as “restricted”) and Malaysia’s adequacy / explicit‑consent requirements.
     

8. Data Sharing & Processors

We share data only with partners that contractually commit to PDPA & DPDP compliance:

  • Legal firms / POS agents (for verification & delivery).

  • Infrastructure & cloud providers (hosting, analytics).

  • ID verification and payment partners.
     

9. Data Security

We employ layered technical & organizational controls, including:

  • TLS 1.2+ encryption in transit; AES‑256 encryption at rest.

  • Role‑based access and multi‑factor authentication for staff.

  • Regular penetration tests, security audits and continuous logging/monitoring.

  • Incident‑response plan aligned to both PDPA & DPDP.
     

10. Data Retention & Deletion

  • Will‑related records (final will documents, execution proofs, consent logs) are retained for the lifetime of the testator and for at least 7 years after we receive formal notice of their death, or longer if required to administer the estate or comply with legal or family requests.

  • All other account data is retained 7 years after your last active use, unless a longer period is mandated by applicable law.

  • You may request deletion (Right to Erasure - DPDP §â€¯12) except where we must retain information to administer an active or potential estate, defend legal claims, or satisfy statutory record‑keeping duties.
     

11. Your Rights

India (DPDP Act)

  • Right to Access Information

  • Right to Correction

  • Right to Erasure

  • Right to Grievance Redr essal (via Privacy Lead)

Malaysia (PDPA)

  • Right to Access & Correct

  • Right to Withdraw Consent

  • Right to object to processing likely to cause unwarranted damage or distress

  • Right to Prevent Direct Marketing

  • Right to Data Portability

To exercise any right, email [legal @willwali.com]. We respond within 21 days (MY) or a reasonable period (IN).
 

12. Data Breach Notification

  • Malaysia: we notify the Commissioner as soon as practicable and affected users within 7 days.

  • India: we notify the Data Protection Board within the timeframe prescribed (currently 72 hours once rules are finalized) and inform principals promptly.
     

13. Grievance, Redressal & DPO

We have appointed a Privacy Lead for both jurisdictions:

If Willwali is classified as a Significant Data Fiduciary (SDF) under Indian law in the future, we will appoint an India‑based DPO and independent data auditor as required.
 

14. Compliance Registrations & Future Obligations

Willwali monitors processing volumes and will register as a Data User (Controller) with Malaysia’s PDP Department when class criteria apply.
 

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. All material updates will be posted on our website and update the “Effective Date” above.
 

Questions or Requests?
Email [legal @willwali.com] to access data, revoke consent, or raise any concern.
 

​

bottom of page